Kaspersky Warns Against AI-Generated Passwords on World Password Day
2 Sources
2 Sources
[1]
Kaspersky Sounds Alarm on AI Password Generators This World Password Day
The appeal is clear. Rather than struggling to come up with a strong password, users can simply ask AI, "Generate a secure password" and get an instant result. AI produces strings that look random, which helps avoid the human tendency to create predictable, dictionary-based passwords. But appearances can be deceptive, AI-generated passwords may not be as secure as they appear. Alexey Antonov, Data Science Team Lead at Kaspersky, tested this by generating 1,000 passwords using some of the more prominent and trusted LLMs including ChatGPT (from OpenAI), Llama (model from Meta group), DeepSeek (newcomer from China). "All of the models are aware that a good password consists of at least 12 characters, including uppercase and lowercase letters, numbers and symbols. They report this when generating passwords," says Antonov.
[2]
On World Password Day Kaspersky warns against AI password generation
How many passwords do you have? It could be more than you think. Most online services and apps require the user to create a password. Chances are many of those passwords are not being used daily and due to this overabundance, there's a high probability that many of the passwords are being reused. Poor password management is compounded by a reliance on common combinations of names, dictionary words and numerals. Not only are these passwords relatively easy to decipher, but if a cybercriminal gains access to a password on one site, that could result in access to a plethora of other sites. People are urged to create unique, random passwords to counter the vulnerability posed by using the same password multiple times. However, password creation and management can be an arduous task. To tackle the burden of password creation and management, people might be tempted to use large language models (LLMs) like ChatGPT, Llama or DeepSeek to generate their passwords. The appeal is clear. Rather than struggling to come up with a strong password, users can simply ask AI, "Generate a secure password" and get an instant result. AI produces strings that look random, which helps avoid the human tendency to create predictable, dictionary-based passwords. But appearances can be deceptive, AI-generated passwords may not be as secure as they appear. Alexey Antonov, Data Science Team Lead at Kaspersky, tested this by generating 1,000 passwords using some of the more prominent and trusted LLMs including ChatGPT (from OpenAI), Llama (model from Meta group), DeepSeek (newcomer from China). "All of the models are aware that a good password consists of at least 12 characters, including uppercase and lowercase letters, numbers and symbols. They report this when generating passwords," says Antonov. "DeepSeek and Llama sometimes generated passwords consisting of dictionary words, in which instead of some letters there are numbers of similar shape: S@d0w12, M@n@go3, B@n@n@7 (DeepSeek), K5yB0a8dS8, S1mP1eL1on (Lllama). Both of these models like to generate the password "password": P@ssw0rd, P@ssw0rd!23 (DeepSeek), P@ssw0rd1, P@ssw0rdV (Llama). Needless to say, such passwords are not safe," adds Antonov. The trick with substituting letters is known and is not difficult to 'brute force'. ChatGPT does not suffer from this problem and generates passwords looks like random ones. For example: qLUx@^9Wp#YZ LU#@^9WpYqxZ YLU@x#Wp9q^Z YLp^9W#qX@zv P@zq^XWLY#v9 v#@LqYXW^9pz X@9pYWq^#Lzv However, if you look closely, you can see patterns. For example, the number 9 is often encountered. Shown below is a histogram of all the symbols in 1000 generated passwords for ChatGPT - it is clear to see that almost all passwords out of 1000 contain the symbols x, p, l, L .... Frequency of characters used in passwords generated by ChatGPT This doesn't look like random letters at all. For Llama, the situation is slightly better: Llama likes the # symbol, the letters p, l, L. Frequency of characters used in passwords generated by Llama DeepSeek shows similar tendencies: Frequency of characters used in passwords generated by DeepSeek An ideal random generator would not prefer any letter. All symbols must appear approximately the same number of times. Also, the algorithms often neglected to insert a special character or digits into the password: 26% of passwords for ChatGPT, 32% for Llama and 29% for DeepSeek. While DeepSeek and Llama sometimes generated passwords shorter than 12 characters. Knowing these dependencies, cyber criminals can significantly speed up password brute force: i.e. rather than trying in order "aaa", "aab", "aac", .. "aba", "abb", "abc", ... "zzz", they could start with frequent combinations. In 2024, Antonov developed a machine learning algorithm to test password strength and found that almost 60% of passwords can be cracked in under an hour using modern GPUs or cloud-based cracking tools. When applied to AI-generated passwords, the results were alarming, they were far less secure than they appeared: 88% of DeepSeek and 87% of Llama generated passwords were not strong enough to withstand attack from sophisticated cyber criminals. While ChatGPT did a little better with 33% of passwords not strong enough to pass the Kaspersky test. "The problem is LLMs don't create true randomness. Instead, they mimic patterns from existing data, making their outputs predictable to attackers who understand how these models work, notes Antonov" Adopt more secure password management Rather than relying on AI, users should adopt dedicated password management software, such as Kaspersky Password Manager. These tools offer several key advantages. First, this type of software uses cryptographically secure generators to create passwords with no detectable patterns, ensuring true randomness. Second, all credentials are stored in a secure vault, protected by a single master password. This eliminates the need to remember hundreds of passwords while keeping them safe from breaches. Additionally, password managers provide auto-fill and synchronization across devices, streamlining logins without compromising security. Many also include breach monitoring, alerting users if their credentials appear in a data leak. While AI can assist with many tasks, password generation is not one of them. The patterns and predictability of LLM-created passwords make them vulnerable to cracking. Instead of taking shortcuts, invest in a reputable password manager, your first line of defense against cyber threats. In an era where data breaches are rampant, a strong, unique password for every account is non-negotiable.
Share
Copy Link
Kaspersky's research reveals potential security risks in passwords generated by AI models, urging users to opt for dedicated password management tools instead.
AI-Generated Passwords: A False Sense of Security
On World Password Day, cybersecurity firm Kaspersky has raised concerns about the growing trend of using AI-powered language models to generate passwords. While these AI-generated passwords may appear secure at first glance, they potentially harbor vulnerabilities that could compromise user security 1.
The Allure of AI Password Generation
With the increasing number of online accounts requiring unique passwords, users are turning to AI for a quick solution. Large Language Models (LLMs) like ChatGPT, Llama, and DeepSeek offer an appealing alternative to the arduous task of creating strong, memorable passwords 2.
Kaspersky's Research Findings
Alexey Antonov, Data Science Team Lead at Kaspersky, conducted a study generating 1,000 passwords using prominent LLMs. The research revealed several concerning patterns:
- Predictable character usage: ChatGPT, Llama, and DeepSeek showed preferences for specific characters, creating detectable patterns 2.
- Dictionary word reliance: DeepSeek and Llama often generated passwords using modified dictionary words (e.g., "P@ssw0rd") 2.
- Inconsistent adherence to security guidelines: 26-32% of passwords lacked special characters or digits, with some falling short of the recommended 12-character length 2.
The Vulnerability of AI-Generated Passwords
Antonov's machine learning algorithm, designed to test password strength, yielded alarming results:
- 88% of DeepSeek-generated passwords were vulnerable
- 87% of Llama-generated passwords were susceptible to attacks
- 33% of ChatGPT-generated passwords failed to meet security standards 2
The Root of the Problem
The fundamental issue lies in the nature of LLMs. As Antonov explains, "LLMs don't create true randomness. Instead, they mimic patterns from existing data, making their outputs predictable to attackers who understand how these models work" 2.
Recommendations for Secure Password Management
In light of these findings, Kaspersky advises against using AI for password generation. Instead, they recommend:
- Utilizing dedicated password management software, such as Kaspersky Password Manager
- Employing cryptographically secure generators for true randomness
- Storing credentials in a secure vault protected by a master password
- Taking advantage of features like auto-fill, cross-device synchronization, and breach monitoring 2
The Importance of Robust Password Security
As data breaches become increasingly common, the need for strong, unique passwords for each account is paramount. While AI can assist with various tasks, password generation remains a critical security function best left to specialized tools designed explicitly for this purpose 2.
Summarized by
Navi
[1]
Databricks Secures $1 Billion Funding at $100 Billion Valuation, Targets AI Database Market
Databricks raises $1 billion in a new funding round, valuing the company at over $100 billion. The data analytics firm plans to invest in AI database technology and an AI agent platform, positioning itself for growth in the evolving AI market.
12 Sources
Business
19 hrs ago
12 Sources
Business
19 hrs ago
Microsoft Excel Introduces AI-Powered COPILOT Function for Advanced Data Analysis
Microsoft has integrated a new AI-powered COPILOT function into Excel, allowing users to perform complex data analysis and content generation using natural language prompts within spreadsheet cells.
9 Sources
Technology
19 hrs ago
9 Sources
Technology
19 hrs ago
Adobe Revolutionizes PDF with AI-Powered Acrobat Studio
Adobe launches Acrobat Studio, integrating AI assistants and PDF Spaces to transform document management and collaboration, marking a significant evolution in PDF technology.
10 Sources
Technology
19 hrs ago
10 Sources
Technology
19 hrs ago
Meta Launches AI-Powered Voice Translation for Facebook and Instagram Creators
Meta rolls out an AI-driven voice translation feature for Facebook and Instagram creators, enabling automatic dubbing of content from English to Spanish and vice versa, with plans for future language expansions.
5 Sources
Technology
11 hrs ago
5 Sources
Technology
11 hrs ago
Nvidia Enhances App with Global DLSS Override and AI-Powered Features for Smoother Gaming Experience
Nvidia introduces significant updates to its app, including global DLSS override, Smooth Motion for RTX 40-series GPUs, and improved AI assistant, enhancing gaming performance and user experience.
4 Sources
Technology
19 hrs ago
4 Sources
Technology
19 hrs ago
Your Daily Dose of Curated AI News
Don’t drown in AI news. We cut through the noise - filtering, ranking and summarizing the most important AI news, breakthroughs and research daily. Spend less time searching for the latest in AI and get straight to action.
